Qualcommax NSS Build

any nice build for wr36 to test? i have plenty of time , thanks!

what NSS packages have you loaded?
I needed both of these in additional to the essential nss modules to have vlans working correctly. Without bridge-mgr wierd stuff happens to connection tracking for me.
kmod-qca-nss-drv-vlan-mgr
kmod-qca-nss-drv-bridge-mgr

Thanks for your response!

I'm not entirely sure now, but I think I didn't have them in the build, so I'll try new build with them and I'll get back to you.

for me on ax3600 the following config works with vlans:
/etc/config/network:

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'

config interface 'lan'
        option device 'br-data'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config bridge-vlan
        option device 'br-lan'
        option vlan '1'
        list ports 'lan1:u*'
        list ports 'lan2:u*'
        list ports 'lan3:u*'

config bridge-vlan
        option device 'br-lan'
        option vlan '10'
        list ports 'lan1:t'

config interface 'IoT'
        option proto 'static'
        option device 'br-IoT'
        option ipaddr '192.168.10.1'
        option netmask '255.255.255.0'

config device
        option type 'bridge'
        option name 'br-data'
        list ports 'br-lan.1'

config device
        option type 'bridge'
        option name 'br-IoT'
        list ports 'br-lan.10'

/etc/config/wireless:

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'IoT'
        option mode 'ap'
        option ssid 'xxxxxxxx'
        option encryption 'psk2'
        option key 'xxxxxxxxx'
        option wps_pushbutton '1'
        option dtim_period '3'
        option max_inactivity '86400'
        option disassoc_low_ack '0'
        option wnm_sleep_mode '1'

then you need to configure your firewall, as default it will reject packet from zones, and optionaly dhcp to be active on additional zone intefaces

The config is like:
vlan 1 is default one on all ports (untagged), zone lan
vlan 10 is for IoT for lan1 port (tagged) + wifi radio0, zone IoT with separate fw rules

Hi boys,

This version include NSS offload for WiFi

I am redo the repos over the latest commit from OpenWRT.

Changelog (include upstream of OpenWRT):

• Updated NSS kernel and software to version 6.6.33
• Added the latest changes developed by @qosmio for NSS.
• Changed the software from wpad-mbedtls to wpad-openssl to be in line with @qosmio
• Changed TCP Congestion Control to CUBIC before BBR, could improve or worsen WiFi depending on conditions, give me feedback about this.
• Applied optimizations for OpenSSL and ZLIB provided by @qosmio
• Added Linksys MX4200 (v1 and v2) to the build, ping @SirDonZ

Notes:

• The build is compiled with ath11k and NSS limits of 512MB and pbuf set to auto by default.
• The build is compiled with GCC 13.3.
• The default TCP congestion protocol is CUBIC.
• By default, the radio0 (IoT) is off (you can enable in LUCI) and the radio 1 (2.4 GHz) y 2 (5 GHz) is on.
• The default country code for the WiFi is USA to avoid problems with 160 MHZ because it does not work if it does not have a specified country code.
• I have posted on my Github all the workarounds used in this build: https://github.com/AgustinLorenzo/openwrt/issues/5 (english) and https://github.com/AgustinLorenzo/openwrt/issues/6 (spanish)
• Guide to upgrade to kernel 6.6 without losing your configuration: https://github.com/AgustinLorenzo/openwrt/issues/9 (english) and https://github.com/AgustinLorenzo/openwrt/issues/8 (spanish)

Sources:

• Normal build: https://github.com/AgustinLorenzo/openwrt/tree/main_nss
• Mesh build: https://github.com/AgustinLorenzo/openwrt/tree/main_nss_mesh
• NSS packages: https://github.com/AgustinLorenzo/nss-packages/commits/main_nss_wifi/

BUILDED (NORMAL): https://github.com/AgustinLorenzo/openwrt/releases/tag/ipq807x-nsswifi-2024-06-17-1302

BUILDED (MESH BUILD): https://github.com/AgustinLorenzo/openwrt/releases/tag/ipq807x-nsswifi-mesh-2024-06-17-2239

NOTE: Now I only compile the build for the following devices AX3600, AX6, AX9000, Dynalink DL-WRX36, Buffalo WXR-5950AX12, QNAP QHora-301W, Netgear RAX120v2, Arcadyan AW1000, Zyxel NBG7815 and Linksys MX4200 (v1 and v2), if someone has used my versions with other devices (and it is supported), let me know and I will add it.

Hi, is there support for the Gl-AXT1800?

Hi,
I have started using Mullvad VPN through wire guard on a WRX36. Best U/D is 500/500 on a 940/520 fibre connection on a current NSS build.
Curious if anyone has any performance suggestions / tweaks to improve my VPN throughput, or is this the best I can expect on this router?

How do you know that is not the maximum you get from Mullvad?

I have a DL-WRX36 not using NSS build and I measured LAN<>WAN WireGuard (using iperf between PC on the LAN and PC on the WAN) to max out at over 800 Mb/s
I do balance irq's as only performance tweak

Usually I configure vlans like you did it by using the "Enable VLAN filtering" switch on a DSA enabled router.

VLAN filtering1056×567 27.3 KB

However, in my case on a nbg7815 your configuration it does not work that way. Strange things like wifi clients not able to connect or w/o getting IP's assigned, etc. start to happen Sometimes the router luci is not reachable anymore.

In order to make it work, I replaced:

config bridge-vlan
        option device 'br-lan'
        option vlan '10'
        list ports 'lan1:t'

by this (only for tagged vlans):

config device
        option type '8021q'
        option ifname 'wan'
        option vid '10'
        option name 'wan.10-IoT'

For each additional tagged vlan add a 8021q network device.

config device
        option type '8021q'
        option ifname 'wan'
        option vid '20'
        option name 'wan.20-Guest'

The remaining configuration is same like yours. Create bridges and connect the 8021q devices. Afterwards create interfaces and connect to the bridges + firewall zones.

Yeah about that.. there is this 'vlan hacking' present in the OpenWrt for quite some time. And you never know how it's exactly implemented in your device. If it's full and solid DSA or just something what acts like one. For example in AX3600 you can't just use ports and tag them, it does work only for the wan. With lan port you can only filter them as a bridged. The worst part about it is that you only find out after you try.

Hopefully it helps some people to save time. I was on the try and error path and spent a lot of it. More than once I was questioning myself. I have not too much experience with DSA on other machines. swconfig ist still active on many devices of the stable branch 23.xx. The tutorials about DSA VLAN are also not pointing to certain important points and so locking out is always a thread. I found the discussion here and here pretty helpful.

Applying /home/lin/ax6-6.x/package/kernel/mac80211/patches/nss/subsys/640-006-01-mac80211-Remove-unused-RX_FLAGS-from-mac80211_rx_fla.patch using plaintext: 
patching file include/net/mac80211.h
Hunk #1 succeeded at 1410 (offset 3 lines).
Hunk #2 FAILED at 1478.
1 out of 2 hunks FAILED -- saving rejects to file include/net/mac80211.h.rej
patching file net/mac80211/rx.c
Patch failed!  Please fix /home/lin/ax6-6.x/package/kernel/mac80211/patches/nss/subsys/640-006-01-mac80211-Remove-unused-RX_FLAGS-from-mac80211_rx_fla.patch!

Pushed an older rebase by mistake. Should be fixed in latest.

how can i install packages with kmods ? all time ends with error 255.

With custom builds you don't. If there is a package missing in the build you are much better off rebuilding with that package. Especially for kmods.

Related discussion: Issues installing packages on custom built OpenWrt firmware

You can use my builder to do so: https://github.com/JuliusBairaktaris/Qualcommax_NSS_Builder

kernel modules are inherently linked to their exact git commit, which unless compiled in from source or hosted in a separate NSS based repository, can't be installed from the default https://downloads.openwrt.org repository.

The users who provide the builds can provide the packages too. For example @dimfish do that, you can use his builds: https://openwrt.admincomps.ru/nss-wifi/ but they are from some time ago, not latest source.

Since yesterday's rebase, I have been getting a bit of kernel log spam with the following error message:

softirq: huh, entered softirq 3 NET_RX 00000000bc3a86b9 with preempt_count 00000101, exited with 00000301?

I recently changed the memory profiles to high (1GB) also for pbuf. Could this be the cause? Although I didn't see this error before the rebase.

There was some Rx related work done but that was regarding to ath10k which isn't included in my build.

Does anyone know the cause?

Hi @qosmio

Is RMNET fully enabled or included on the packages? Seems that I need the kmod-rmnet-core do you have insights for this one?

Trying to fully accelerate the 5G module on Arcadyan AW1000, but I'm getting this error:

ERROR: modpost: "rmnet_nss_callbacks" [/home/rob/openwrt-ipq/build_dir/target-aarch64_cortex-a53_musl/linux-qualcommax_ipq807x/quectel-mhi-pcie-1.3.6/pcie_mhi.ko] undefined!
make[6]: *** [scripts/Makefile.modpost:145: /home/rob/openwrt-ipq/build_dir/target-aarch64_cortex-a53_musl/linux-qualcommax_ipq807x/quectel-mhi-pcie-1.3.6/Module.symvers] Error 1
make[5]: *** [/home/rob/openwrt-ipq/build_dir/target-aarch64_cortex-a53_musl/linux-qualcommax_ipq807x/linux-6.6.33/Makefile:1874: modpost]**strong text**

I haven't checked the hard dependencies for RMMNET offload in my NSS repository, but you need to enable the RMMNET feature in NSS DRV. I'm not by my computer atm, but try grep -Ei "NSS.*NET" .config, that should tell you which feature needs to be enabled.

After enabling that, rebuild qca-nss-drv again, and then compile the rest of your build.